Quick Guide to CE Marking Your Software
The CE marking is the final visual step in your Cyber Resilience Act (CRA) compliance journey, signaling that your app, game, or software meets EU requirements. Here’s how to get it done.
Step 1: Ensure Your Software is Compliant
Before you even think about the CE logo, you must do the actual work.
- Meet Essential Requirements: Ensure your software and your vulnerability handling processes comply with the essential requirements in Annex I.
- Perform Conformity Assessment: For most software, this will be your internal self-assessment (Module A). This involves creating your Technical Documentation (Article 31 and Annex VII), which contains your risk assessment, SBOM, test results, and more.
You cannot affix the CE mark without having completed these steps.
Step 2: Draw Up the EU Declaration of Conformity (DoC)
The DoC is the formal, legal document where you, the manufacturer, declare under your sole responsibility that the product is compliant. This is a prerequisite for CE marking (Article 13, Paragraph 12).
Step 3: Affix the CE Marking
Once your DoC is signed, you can affix the CE mark.
- Placement for Software (Article 30, Paragraph 1):
- You can't stick a label on code. For software, the CE mark should be placed either on the EU Declaration of Conformity itself or on a website accompanying the software.
- If using a website, the location must be "easily and directly accessible to consumers". An "About" page, legal section, or download page are good candidates.
- Format: The CE mark has a specific design and proportions that must be respected. Make sure you use the correct logo.
- Timing: The mark must be affixed before you place the software on the market (Article 30, Paragraph 3).
Key Takeway
To CE mark your software: first, ensure full compliance and complete all required documentation (especially the DoC). Then, affix the correctly formatted CE logo in an accessible digital location like your website or on the DoC itself before release.